Tuesday, 27 October 2015

The answer to emailed malware

As far as I can see, the main malware problems today are:

1) Incoming emails
2) Web sites that auto-run malware.

2) is easily handled. If you're using Firefox (you certainly shouldn't be using Internet Explorer), install NoScript (there are similar extensions for Opera and Chrome). That stops JavaScript, Java and other plugin content from running unless you explicitly allow it. Of course, this still leaves a hole to trip up the Clueless User, who might allow something they shouldn't. I also use AdBlock, because the ONLY time I ever got hit by malware was when one of the adverts served by turned out to be a cross-site scripting attack targeting Windows running Internet Explorer.

So that leaves incoming emails. And last night, I thought of a way to deal with those. First, exe files (that includes scr files, and zip files containing exe and scr files). For those, you can use an email filter. I use a very simple home-made filter that sorts my email into various categories (mostly for the purpose of dealing with spam), one of which is exe, scr and zip files. It would be easy to add "and delete the file" to that filter. Actually, I delete them by hand, because before I delete them I can send them to VirusTotal, which has the effect of A) seeing how bad the various products are, and B) getting a sample of the malware into the hands of the AV companies, so they can update their software.

Of course, if you really do want to receive exe files, that presents a problem. Easily solved: encrypt the file (or use a compressor with encryption, such as zip) and email that, along with the password. Of course, if you receive an email with an exe file sent in this way, you should be sure that you know what it is and who sent it before you use it! Malware senders know this trick too: a password-protected zip with the password in the message body is a standard way of getting an executable past a filter that can't look inside, so "who sent it" is not a formality.
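The sorting step described above, as an added worked example in Python (this is not the author's filter): it classifies a raw message by its attachments, flagging .exe and .scr files, zips that contain them (including "Invoice.pdf.scr"-style double extensions), anything whose bytes begin with the Windows MZ header whatever its name, and encrypted zip entries whose contents it cannot see. The extension list, the verdict names and the sample message are my assumptions; Python's zipfile module cannot write encrypted archives, so the sample flips the encryption flag bit by hand purely to exercise that path.

```python
"""Attachment classifier in the spirit of the post's home-made e-mail filter.

Added example, not the author's code. Standard library only; the sample
message and the 'encrypted' flag on one of its zip entries are constructed.
"""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = {".exe", ".scr"}  # the post's list; extend as needed (assumption)
ZIP_MAGIC = b"PK\x03\x04"
PE_MAGIC = b"MZ"                # DOS/PE executable header
MAX_INNER_BYTES = 1 << 20       # read at most this much of a zip entry (zip-bomb guard)
MAX_DEPTH = 2                   # zips nested deeper than this are flagged, not opened


def _ext(name: str) -> str:
    """Last extension, lower-cased: 'Invoice.pdf.scr' -> '.scr'."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def inspect_blob(name: str, data: bytes, depth: int = 0) -> list:
    """Return (name, code) findings for one attachment or one zip entry."""
    findings = []
    if data[:2] == PE_MAGIC:
        findings.append((name, "executable"))      # real content beats the file name
    elif _ext(name) in BLOCKED_EXT:
        findings.append((name, "blocked-ext"))
    if not (data[:4] == ZIP_MAGIC or _ext(name) == ".zip"):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [(name, "too-deep")]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + [(name, "bad-zip")]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            inner = f"{name}!{info.filename}"
            if info.flag_bits & 0x01:                  # general-purpose bit 0: entry is encrypted
                findings.append((inner, "encrypted"))  # can't look inside, but the name is visible
                if _ext(info.filename) in BLOCKED_EXT:
                    findings.append((inner, "blocked-ext"))
                continue
            with zf.open(info) as fh:
                findings.extend(inspect_blob(inner, fh.read(MAX_INNER_BYTES), depth + 1))
    return findings


def classify_message(raw: bytes) -> dict:
    """Sort one RFC 822 message: 'block' (exe/scr seen), 'hold' (needs a human) or 'ok'."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        findings.extend(inspect_blob(part.get_filename() or "(unnamed)", data))
    codes = {code for _, code in findings}
    verdict = "block" if codes & {"executable", "blocked-ext"} else ("hold" if codes else "ok")
    return {"verdict": verdict, "findings": findings}


def _mark_encrypted(zip_bytes: bytes, entry: str) -> bytes:
    """Demo helper: set the 'encrypted' flag bit on one entry. zipfile cannot write
    encrypted archives, so the bit is flipped by hand; the data is NOT really encrypted."""
    buf, target = bytearray(zip_bytes), entry.encode()
    # (signature, flags offset, name-length offset, fixed header length) for the
    # local file header and for the central directory record
    for sig, flag_off, nlen_off, hdr_len in ((b"PK\x03\x04", 6, 26, 30), (b"PK\x01\x02", 8, 28, 46)):
        pos = buf.find(sig)
        while pos != -1:
            nlen = int.from_bytes(buf[pos + nlen_off:pos + nlen_off + 2], "little")
            if buf[pos + hdr_len:pos + hdr_len + nlen] == target:
                buf[pos + flag_off] |= 0x01
            pos = buf.find(sig, pos + 1)
    return bytes(buf)


def build_sample_message(with_zip: bool = True) -> bytes:
    """Constructed demo mail: a harmless PDF and, optionally, a zip holding a .scr
    dressed up as a PDF plus an 'encrypted' .exe."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.com", "you@example.com", "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application", subtype="pdf",
                       filename="statement.pdf")
    if with_zip:
        zbuf = io.BytesIO()
        with zipfile.ZipFile(zbuf, "w", zipfile.ZIP_STORED) as zf:
            zf.writestr("Invoice.pdf.scr", PE_MAGIC + b"\x00" * 62)
            zf.writestr("setup.exe", PE_MAGIC + b"\x00" * 62)
        msg.add_attachment(_mark_encrypted(zbuf.getvalue(), "setup.exe"),
                           maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for flag in (False, True):
        print(classify_message(build_sample_message(flag)))
```

Run it directly to see both verdicts. In a real filter, "hold" is where the human step (VirusTotal, or ringing the sender) belongs, and the cap on bytes read per entry is what stops a zip bomb from taking the filter down with it.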

So what about doc, xls and pdf files? There are legitimate requirements for these to be emailed. But doc and xls files can contain macros, and PDFs can carry embedded JavaScript and launch actions; all of these run on your system and could be malicious.

I use LibreOffice for doc and xls files. Start LibreOffice and go to Tools ... Options ... LibreOffice ... Security ... Macro Security, and choose "Very high". Then only macros from trusted locations are allowed, and my list of trusted locations is: none. This works for doc and xls files. If you're using Word and Excel, I feel sure that Microsoft will have provided a similar way of blocking all macros, but I don't run Word, so you'll have to discover that for yourself.
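A way to check that setting without clicking through the dialog, as an added example (not from the post): LibreOffice writes Tools ... Options choices to registrymodifications.xcu in the user profile (on Linux typically ~/.config/libreoffice/4/user/registrymodifications.xcu; the path is my assumption for your installation). "Very high" is MacroSecurityLevel 3 and the trusted locations are the SecureURL list, so auditing a profile means reading those two keys. The two profile fragments below are constructed for the demo.

```python
"""Audit the LibreOffice macro security setting from registrymodifications.xcu.

Added example, not the author's code. The xcu fragments are constructed:
one profile left at "Medium" with a trusted folder, one set as the post describes.
"""
import xml.etree.ElementTree as ET

OOR = "{http://openoffice.org/2001/registry}"
SCRIPTING_PATH = "/org.openoffice.Office.Common/Security/Scripting"
LEVELS = {0: "Low", 1: "Medium", 2: "High", 3: "Very high"}

# Constructed sample: the weak profile (Medium, plus a Downloads folder trusted)
WEAK_XCU = """<oor:items xmlns:oor="http://openoffice.org/2001/registry">
  <item oor:path="/org.openoffice.Office.Common/Security/Scripting">
    <prop oor:name="MacroSecurityLevel" oor:op="fuse"><value>1</value></prop>
    <prop oor:name="SecureURL" oor:op="fuse"><value><it>file:///home/user/Downloads</it></value></prop>
  </item>
</oor:items>"""

# Constructed sample: the profile the post describes (Very high, no trusted locations)
STRICT_XCU = """<oor:items xmlns:oor="http://openoffice.org/2001/registry">
  <item oor:path="/org.openoffice.Office.Common/Security/Scripting">
    <prop oor:name="MacroSecurityLevel" oor:op="fuse"><value>3</value></prop>
    <prop oor:name="SecureURL" oor:op="fuse"><value/></prop>
  </item>
</oor:items>"""


def macro_policy(xcu_text: str) -> dict:
    """Return the macro security level and trusted locations recorded in an xcu file.

    An absent MacroSecurityLevel means the user never changed it, so LibreOffice's
    built-in default applies; that is reported as 'not set' and treated as non-compliant.
    """
    root = ET.fromstring(xcu_text)
    level, trusted = None, []
    for item in root.iter("item"):
        if item.get(OOR + "path") != SCRIPTING_PATH:
            continue
        for prop in item.iter("prop"):
            name = prop.get(OOR + "name")
            if name == "MacroSecurityLevel":
                level = int(prop.findtext("value"))
            elif name == "SecureURL":
                trusted = [it.text for it in prop.iter("it") if it.text]
    return {
        "level": level,
        "label": LEVELS.get(level, "not set"),
        "trusted": trusted,
        "compliant": level == 3 and not trusted,  # the post's setting: Very high, no trusted folders
    }


def audit_profile(path: str) -> dict:
    """Read a real registrymodifications.xcu from disk and apply the same check."""
    with open(path, encoding="utf-8") as fh:
        return macro_policy(fh.read())


if __name__ == "__main__":
    print("weak  :", macro_policy(WEAK_XCU))
    print("strict:", macro_policy(STRICT_XCU))
```

A trusted location is a hole by design: any document dropped into that folder runs its macros unprompted, which is why the check insists the list be empty as well as the level be 3.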

To deal with scripts in PDFs, I simply don't use Adobe Acrobat. I use LibreOffice again, which opens the PDF in Draw and doesn't execute embedded JavaScript; macros are disabled there too.

So that's something that anyone can do, at zero cost (LibreOffice is free), which looks like it will be a lot more effective than the antivirus products in VirusTotal. It closes the macro and script route; it does not protect against bugs in the file parsers themselves, so whatever you open documents with still needs to be kept up to date.

But there's a way that this could all be done in software that one would install, without the user having to change the options in the software they're using, and that's what occurred to me last night. I don't know of a product that implements it, and I'm not planning to write such a product myself, but if anyone contacts me and offers a sufficient inducement, I can tell them how to do it.

